Forum Discussion
Carsten2021
Dec 14, 2021Copper Contributor
Security Issue with log4j ?
Hello, we found the log4j.jar files in an Microsoft SQL folder. Most likely those files are only used when you use an ODBJC connector? Am I right? By default those Java files are no problem a...
- Dec 15, 2021SQL Server does install log4j, more info here:
https://docs.microsoft.com/en-us/answers/questions/662469/log4j-vulnerability-concerns.html
olafhelper
Dec 15, 2021Bronze Contributor
Carsten2021 , MS SQL Server do not install nor utilize any Java components.
Is it possible, that you have installed a third-party product as extension for SSIS?
- Carsten2021Dec 15, 2021Copper ContributorThere is a software installed, but no Java. I guess it came with SQL Express ...
- ccparkhillDec 15, 2021Copper ContributorSQL Server does install log4j, more info here:
https://docs.microsoft.com/en-us/answers/questions/662469/log4j-vulnerability-concerns.html- Tom_ButlerFeb 23, 2022Copper Contributor
- UjwalaVDec 15, 2021Copper ContributorWill there be any impact if we delete log4j from below directory
Directory: C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars
Is there any way to restore it back (after deleting) and upgrade the log4j version?- ccparkhillDec 15, 2021Copper Contributor
UjwalaV I suppose you could move the file to a different folder and restart SQL Server and see if there's an impact, if there is just move it back and restart again. I'm not sure if you can upgrade it as I presume SQL Server is expecting the version it ships with. Hopefully MS issue a response soon.